Siemens AG Siclock central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated critical. What are these Siemens Siclock flaws and how can they be exploited?

German manufacturer and tech giant Siemens recently disclosed six vulnerabilities — three classified as critical — that were found in its Siclock central plant clock systems. These systems are used to synchronize all the components of industrial control systems that automate industrial processes.

The flaws affected the Siemens Siclock TC100 and TC400 product lines; however, those products are being discontinued, so Siemens did not release patches for the newly found vulnerabilities.

The most serious vulnerability, tracked as CVE-2018-4853, enables an attacker with network access to UDP port 69 to modify the device’s firmware and run arbitrary code on the device with no user interaction required. This vulnerability received a Common Vulnerability Scoring System (CVSS) rating of 9.8 out of 10.

Another vulnerability, tracked as CVE-2018-4854 and with a CVSS rating of 9.6, enables a different attack through UDP port 69 in which a threat actor can modify the system’s administrative client. If a legitimate user downloads the malicious client, the system can be compromised.

The third critical vulnerability, tracked as CVE-2018-4851 and with a CVSS rating of 9.1, causes Siemens Siclock to reboot when it receives malicious packets. The resulting denial-of-service attack can disrupt operations because time synchronization can be interrupted when the devices reboot.

Siemens did not offer patches for the vulnerabilities, but it instead posted workarounds and mitigations for customers to reduce the risk of these vulnerabilities. Siemens’ suggestions included using redundant time sources for critical plant controllers, protecting all network devices behind properly configured firewalls, implementing plausibility checks to verify that the Siemens Siclock devices are functioning correctly and using network segmentation techniques for defense in depth.